In this document, we'll show you how to use Google as an Identity provider for Paralus. This will allow your users to login via Google and access Paralus. Below is the list of items that we will cover in this document:
Creating a Google SSO Application
Create a new Project if you haven't already. From the top search bar, search for OAuth. You first need to create an OAuth application and provide details for the OAuth consent screen.
Configuring the OAuth Consent UI
Configure the OAuth consent screen by choosting the type of user who would use your application - Internal or External. Internal users are users from your organization, external are users with a valid Google account. We choose Internal in this case.
Provide a name for the application, a user admin email id along with authorized domains. Make sure the authorized domain is SSL enabled. If you don't proivde an SSL enaled domain name, Google won't allow you to use certain fields.
Choose a scope. Scopes are the fields that you want to access from your application. In this case we need access to the user profile with email address and name and oidc.
Creating OAuth App
After you've configured the consent UI, navigate to Credentials and create a new OAuth 2.0 Client Id
Click on Create Credentials button from the top navigation bar and choose OAuth Client ID from the list.
In Application Type, select Web Application
Provide a Name
Add an Authorized redirect URI. This will be the one provided by Paralus OIDC setup page.
Click create to create the OAuth app
Adding an Identity Provider to Paralus
Login to your Paralus dashboard and navigate to System -> Identity Providers and click on New Identity Provider
Provide the name of the identity provider and choose IdP type as Google from the drop down.
For client identifier & secret, provide the client-id & client-secret of the Google OAuth app created earlier.
Under Scope provide openid,email,profile
For Issuer URL, provide this url: https://accounts.google.com
Click Save & Continue.
From the next screen copy the Callback URL and paste it in the callback URL for the Google OAuth app created in the earlier step.
On the Mapper Configuration screen, the mapper url will be pre-filled, click Save & Exit.
At this point, you have successfully added Google as an identity provider for Paralus.
Verify Login with Google
To confirm if the setup was correct, logout from Paralus.
On the login screen, you should now see a Sign In With Google button. Click on it to begin the login process using Google.
Enter your Google credentials and login to Google.
Once authenticated, you'll be redirected to Paralus dashboard.
Congratulations! You've successfully configured Google as an identity provider for Paralus.
Note: Depending on the permission, the user that logs in using Google might not see any projects on the dashboard. As an admin, you'll have to configure their group and assign them a project.
